R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
384
To do… Use the command…
Remarks
Define a packet length
match criterion
if-match packet-length min-len max-len Optional
Define an ACL match
criterion
if-match acl acl-number Optional
Set VPN instances
apply access-vpn vpn-instance
vpn-instance-name&<1-6>
Optional
Set an IP precedence apply ip-precedence value Optional
Set outgoing interfaces
apply output-interface interface-type
interface-number [ track
track-entry-number ] [ interface-type
interface-number [ track
track-entry-number ] ]
Optional
Two interfaces at most can be specified
to send matching IP packets. These two
interfaces are simultaneously active to
achieve load sharing.
For a non-P2P outgoing interface
(broadcast and NBMA interfaces) such
as Ethernet interface, multiple next hops
are possible, and thus packets may not
be forwarded successfully.
Set the outgoing
interface and next hop
(the next hop address is
the gateway address
learned through DHCP)
apply output-interface interface-type
interface-number ip-address next-hop
dhcpc
Optional
Set next hops
apply ip-address next-hop ip-address
[ direct ] [ track track-entry-number ]
[ ip-address [ direct ] [ track
track-entry-number ] ]
Optional
Two next hops at most can be specified.
These two next hops are simultaneously
active to achieve load sharing.
Set default outgoing
interfaces
apply default output-interface
interface-type interface-number [ track
track-entry-number ] [ interface-type
interface-number [ track
track-entry-number ] ]
Optional
Two default outgoing interfaces at most
can be specified. These two interfaces
are simultaneously active to achieve
load sharing.
Set default next hops
apply ip-address default next-hop
ip-address [ track track-entry-number ]
[ ip-address [ track track-entry-number ] ]
Optional
Two default next hops at most can be
specified. These two next hops are
simultaneously active to achieve load
sharing.
NOTE:
• If an ACL match criterion is defined, packets are matched a
g
ainst the ACL rules, whereas the permit or
deny action of the specified ACL is ignored. If the specified ACL does not exist, no packet is matched.
• You can configure two next hops by using the apply ip-address next-hop command twice (first case) or
once (second case). After that, executing the apply ip-address next-hop command with a new next hop
will replace the earlier configured next hop in the first case, or will replace the second next hop specified
in the second case. To remove both next hops, execute the apply ip-address next-hop command a
g
ain
by specifying two next hops. The apply output-interface, apply default output-interface, and apply
ip-address default next-hop work the in same way.